an asset, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, economic or social well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions.[4]

the basis of people's social lives and economic activities formed by businesses that provide services which are extremely difficult to be substituted by others if its function is suspended, deteriorated or become unavailable, it could have significant impacts on people's social lives and economic activities.[5]

systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters.[6]

”

“

[s]ystems and assets, whether physical or virtual, so vital that their incapacitation or destruction may have a debilitating impact on the security, economy, public health or environment of a nation. Examples include infrastructure that supports banking and finance, communications, energy and transportation.[7]

Critical infrastructures (CI) (also referred to as critical national infrastructures or CNI) are physical or virtual systems and assets so vital to the nation that their incapacitation or destruction would:

have a negative effect on the economy through the cascading disruption of other critical infrastructure,

or undermine the public's morale and confidence in our national economic and political institutions.[8]

Critical infrastructures underpin the security of the U.S.'s national wealth, defense capability, economic prosperity of its people, and, above all, the maintenance of the system of human rights and individual freedoms for which the United States was founded. The threat of infrastructureattacks therefore has the potential for strategic damage to the United States.

There are 18 critical infrastructure sectors: agriculture and food, banking and finance, chemical, commercial facilities, communications, critical manufacturing, dams, defense industrial base, emergency services, energy, government facilities, information technology, national monuments and icons, nuclear reactors, materials and waste, postal and shipping, public health and health care, transportation systems, and water. These systems and assets are essential to the operations of the economy and the government.

Disruptions can be caused by any number of factors: poor design, operator error, physical destruction due to natural causes, (earthquakes, lightning strikes, etc.) or physical destruction due to intentional human actions (theft, arson, terrorist attack, etc.). Disruption of any infrastructure is always inconvenient and can be costly and even life-threatening. Major disruptions could lead to major losses and affect national security, the economy, and the public good.

Over the years, operators of these critical infrastructures have taken measures to guard against, and to quickly respond to, many of these threats, primarily to improve reliability and safety. However, the terrorist attacks of September 11, and the subsequent anthrax attacks, demonstrated the need to reexamine protections in light of the terrorist threat, as part of an overall critical infrastructure protection policy.[9]

[T]his reliance of all of the nation’s critical infrastructures on IT makes any of them vulnerable to a terrorist attack on their computer or telecommunications systems.[10]

”

The U.S. government has identified multiple sources of threats to our nation’s critical infrastructure, including foreign nation states engaged in information warfare, domestic criminals, hackers, virus writers, and disgruntled employees working within an organization. In addition, there is concern about the growing vulnerabilities to our nation as the design, manufacture, and service of information technology have moved overseas.[11] For example, according to media reports, technology has been shipped to the United States from foreign countries with viruses on the storage devices.[12]

"Of growing concern is the cyber threat to critical infrastructure. This infrastructure provides essential services such as energy, telecommunications, water, transportation, and financial services and is increasingly subject to sophisticated cyber intrusions that pose new risks. As information technology becomes increasingly integrated with physical infrastructure operations, there is increased risk for wide scale or high-consequence events that could cause harm or disrupt services upon which our economy and the daily lives of millions of Americans depend."[13]

↑EU Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European critical infrastructures and
the assessment of the need to improve their protection, Off. J. of the European Union, at 77 (full-text).

↑White House, Homeland Security Presidential Directive 7, Critical Infrastructure Identification, Prioritization, and Protection (Dec. 17, 2003). A more general definition is given in statute (Pub. L. No. 107-71, §1016): ". . . systems and assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health and safety, or any combination of those matters."

↑Besides loss of life, the terrorist attacks of September 11 disrupted the services of a number of critical infrastructures (including telecommunications, the Internet, financial markets, and air transportation). In some cases, protections already in place (like off-site storage of data, mirror capacity, etc.) allowed for relatively quick reconstitution of services. In other cases, service was disrupted for much longer periods of time.